REMARKS

Claims 1-6, 8-16, 19, 21, 23, 24 and 26 are all the claims pending in the application. 
Claim 21 has been amended to correct its dependency, as it previously depended on claim 17, 
which has been canceled. 

Claims 1-6, 8-16, 19, 21, 23, 24 and 26 stand rejected as being obvious from Abraham in 
view of Boebert. Applicant respectfully traverses this rejection at least for the reasons stated 
below. 

With respect to claims 1 and 13, it is admitted in the Office Action that Abraham does not 
disclose defining two object types and assigning an object type to each object, and that the 
assigning is done irrespective of the access rights of the user. Of course, as can be clearly 
understood, the system disclosed by Abraham is specifically directed at controlling access to 
objects based on users' access rights. For example, Abraham's title is "Method and Apparatus 
for controlling Access to Data Elements in a Data Processing System Based on Status of an 
Industrial Process by Mapping User's Security Categories and Industrial Process Steps" 
[emphasis added]. That is, Abraham clearly teaches that the access should be controlled 
according to user's permission to perform certain process steps. In explaining the mapping 
feature, Abraham states that "the security category field is used to differentiate between users 
who have access to data element based on the status and/or location of the data element" col. 11, 
lns. 20-22, [emphasis added]. Thus, while the claimed invention controls process access to 
object irrespective of the user initiating the process, Abraham teaches to the contrary. 

Boebert also discloses a security mechanism that relies on user's access permission. See, 
e.g., Col. 10, lns. 51-54: "Multi-Level Secure (MLS) Computer is capable of recognizing data of 
varying sensitivity and users of varying authorizations and ensuring that users gain access to only 
data to which they are authorized." Therefore, Boebert also requires that "[t]here must be a 
method whereby the identity of a user can be authenticated." Col. 11, lns. 16-18. To implement 
his idea, Boebert teaches to construct enforcement table, such as that shown in Boebert's Figure 
5b, wherein the permission to perform a certain action is determined according to the process 
domain (e.g., originated locally or via the internet) and the object type, examples of which are 
given in Figure 6. Boebert states that the "Domain/Type relationship is used to define the modes 
and consequence of access by process to objects." Col. 17, lns. 30-31. 

Taking Abraham and Boebert in combination, as suggested in the Office Action, the 
combined disclosure and any suggestion thereof still falls short of the claimed invention. That is, 
from Abraham one gets the idea of permitting access according to the user's authorization and 
the object type; while from Boebert one learns to permit operation according to a process domain 
and an object type. Therefore, in combination the most that can be suggested is a system that 
permits access according to the user's authorization, the process domain and the object type. 
Such an idea does not read on or suggest the invention claimed in claim 1. The system of claim 
1 makes the determination based on "trust group value of the requesting process, the trust group 
value of the target object, and the object type," and is irrespective of the user. At least for this 
reason, Claim 1 is patentable over the combination of Abraham and Boebert. 

Furthermore, Applicant respectfully submits that Abraham does not disclose the limitation 
"defining an action rule for each combination of process trust group value, object trust group 
value, and object type" as alleged in the pending Office Action. The cited support for this 
allegation is Figure 8 of Abraham. However, Figure 8 and the relevant disclosure of Abraham 
do not disclose or suggest this limitation. Rather, Abraham discloses that the table is used to 
manage the security of an object when an object either changes category or changes location. 
Thus, the "rules" disclosed in Figure 8 of Abraham only relate to changes in object's category 
and object location, but fail to disclose or suggest rules based on a combination of process trust 
group, object trust group, and object type. Boebert fails to remedy this deficiency. Therefore, 
even taking the combined disclosure of Abraham and Boebert, the resulting teaching fails to 
suggest this claimed feature. 

Accordingly, it is respectfully submitted that claims 1 and 13 are allowable at least for the 
above reasons. Claims 2-6 and 8-12 depend from allowable claim 1 and are, therefore, allowable 
by definition. Claims 14-16, 19 and 21 depend from allowable claim 13 and are, therefore, also 
allowable by definition. 

With respect to claim 23, Applicant respectfully traverses this rejection at least for the 
following reasons. It is alleged that Figure 15 discloses the cited limitation: "wherein when a 
process is created in said RAM from an originating object of one of said objects, said processor 
assigns to said process a process trust value equal to the object trust value of said originating 
object." Applicant respectfully submits that Abraham in general, and Figure 15 specifically, fails 
to teach this limitation. Rather, Figure 15 described the process for modifying the security 
access of an object to enable a user to view it. The example of Figure 15 has nothing to do with 
creating a process from an object and assigning to the created process a trust value. The only 
purpose of the example of Figure 15 is to show how an inaccessible item can be made accessible 
to a specific user: "since the security categories have been modified automatically, the user 
MFG1 will now be able to display the same EC1 and its AIs." Col. 21, lns. 20-22. Moreover, 
Boebert fails to remedy this deficiency, and the combination of Abraham and Boebert therefore 
fails to teach this limitation. Accordingly, it is respectfully submitted that claim 23 is allowable 
over Abraham in view of Boebert. Claims 24 and 26 depend from allowable claim 23 and are, 
therefore, allowable by definition. 

In view of the above, reconsideration and allowance of this application are now believed 
to be in order, and such actions are hereby solicited. If any points remain in issue which the 
Examiner feels may be best resolved through a personal or telephone interview, the Examiner is 
kindly requested to contact the undersigned at the telephone number listed below. 

The USPTO is directed and authorized to charge all required fees, except for t 
Fee and the Publication Fee, to Deposit Account No. 19-4880. Please also credit any 
overpayments to said Deposit Account. 



Respectfully submitted, 



SUGHRUE MION, PLLC 
Telephone: (650)625-8100 
Facsimile: (650)625-8110 

CERTIFICATE OF FACSIMILE TRANSMISSION 

I hereby certify that this AMENDMENT UNDER 37 C.F.R. § 1.111 is 
being facsimile transmitted to the U.S. Patent and Trademark Office this 
31st day of July, 2006. 



Date: July 31, 2006 